<?php

//retrieve our data from POST

$username = $_POST['webmaster_username'];
$pass1 = $_POST['pass1'];
$pass2 = $_POST['pass2'];
$permission = $_POST['permission'];

if($pass1 != $pass2)

    header('Location: register_form.php');

if(strlen($username) > 30)

    header('Location: register_form.php');
	
$hash = hash('sha256', $pass1);

//creates a 3 character sequence

function createSalt()
	
	{
    $string = md5(uniqid(rand(), true));
    return substr($string, 0, 3);
	}
	
$salt = createSalt();
$hash = hash('sha256', $salt . $hash);

$dbhost = 'localhost';
$dbname = 'z247s504_website';
$dbuser = 'z247s504_admin';
$dbpass = 'PxLpCd07'; //not really
$conn = mysql_connect($dbhost, $dbuser, $dbpass);
mysql_select_db($dbname, $conn);

//sanitize username

$username = mysql_real_escape_string($username);
$query = "
	INSERT INTO webmaster_users 
		(
		username,
		password,
		salt,
		permission
		)
		
    VALUES 
		(
		'$username',
		'$hash',
		'$salt',
		'$permission'
		);
		";
		
mysql_query($query);
mysql_close();
header('Location: webmaster_account.php');

?>